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(54) CONTENT PROCESSING SYSTEM 

(57) A first information processing unit 100 stores 
identification information into a storage module 152, 
stores an encrypted contents signal into a mass storage 
unit 180, and supplies the encrypted contents signal 
and identification information to a second information 
processing unit 200 through a communication section 
110 In a receiving unit 170 of the first information 
processing unit 100, log information generated by a pur- 
chase processing module 153 is stored into the storage 
module 152 every time the contents key is decoded, 
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and the log information is transmitted at predetermined 
timing to a key management center 30 through the 
transmission section 110. The second information 
processing unit 200 receives the encrypted contents 
signal and the identification information through a com- 
munication section 210. and causes a contents 
processing section 260 to decode the encrypted con- 
tents signal and to append the identification information 
thereto. 
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Description 

Technical Field 

[0001] This invention relates to a contents processing system for a user to obtain encrypted contents data through 
electronic distribution. 

Background Art 

[0002] Recently, there has been data distribution for providing encrypted contents data to a user through electronic 

fo^nte" broadcast or the internet enc^ted da* * J— - - 

Sd be£w*n a data transmission device and a receiving device in order to prevent leakage of the date toa third 
^ The contents to be electronically distributed include music, images, and works such as programs and texte. 
KXn ^hWct to the contend data such as music and images on which the copynght has been established. 
Suolicatio ofsuch contents data even for the personal use may violate the copyright protection. Particularly duph- 
Son 2 dSS date orScalled digital copy or digital dubbing, enables duplication of contents data without suffering 
SSorl'on o Sals SeTefore. tnere need be some restrictions. For example, the audio digital interface preserved 
STfte EC958 Soys a copy generation restriction system called SCMS (serial copy rnanag^errt system) usedm 
Se exS , CD^Sm^ct disci DAT (digital audio tape) or MD (mini disc). This system is adapted for describing a copy 
ZEZL S SZ the digital interface for prohibKng copy of the second and 

copy for the first lime (first generation) to a predetermined recording medium. ^ rf ' ral, y- ! n fre SCMS " ^ ^5 
S code appended to or embedded in the "parent" contents data permits one-generation copy and the SCMS copy 
SnS cot SSn to prohibit copy wrth respect to the "chikT contents data, which is obtained by sending and dig- 
itaiiv duDlicatina the parent contents data at a duplication destination. , _ x . . 

SSffllnS «?whw *• service of contents data such as music data is provided through electronic d,str,bution 
S the Internet w satellrte broadcast, in general, the contents data such as music data .s encrypted and a key (con- 
tents kevl used for the encryption is also encrypted by another key (distribution key) . 
EST * MfarS* 

Soarried out as in the conventional cases, the copy control code of the "parent" contents date permits one-generation 
^y and the Spy control code of the "child" contents data in the equpment at the duplication destination must be 

ST T^Swhere the "parent" contents data are encrypted, if the equipment at the duplication destination 
EsTfun Z £ d^ode the encrypted date, sending the contents data to the ^^^S^JS^ 
without decoding is preferred in view of the processing time and labor. However, since the SCMS copy confrd Icode 
Sedded^Tthe contents date and thus encrypted together with the contents data, the copy control I code embedded 
an?encm) idin Z contents date is supplied to the equipment at the duplication destination wrthout having its value 
SncSonfre o*er hand, if the copy control code is to be rewritten to prohibit copy by the equ-pment on the supp y 
^^ enrX"n ^econ,en^ata and sent to the equipment at the duplication destination the counts date 
must be de^^ed to rewrrte the copy control code to prohibit copy and the contents data then must be encrypted again. 

'S^^tS^tX S£E£* key is approximately several bytes and the size of the contents data is 
X hundSTSes to several Mbytes or even several Gbytes. Therefore, resetting the key takes a very long 
processing time. 

Disclosure of the Invention 

100091 In view of the foregoing status of the art. it is an object of the present invention to provide a contents signal 
Sng divic^rS a confers pressing system which enable efficient embedding of Wenttcajon information of an 
JuZerrt uSi in obtaining contents signals into the contents, when a user obtains encrypted contents signals 
throuah electronic distribution and then decodes and outputs contents. 

S ttlrano^er object of the present invention to provide a contents processing device, an encryption press- 
ing device and a contents processing system which enable secure accounting when a user obtains and decodes 
encrvDted contents signals through electronic distribution. mh . 
[OOtT It is still another object of the present invention to provide a contents signal receding method vvhic en^tes 
Eent embedding of identification information of an equipment used in obtaining ~ n ^ s, 9 ra,s ' nt ? ^ «£2 
wnen a user obtains encrypted contents signals through electronic distribution and then decodes andou£ute_ co ntente, 
Io012] It is still another object of the present invention to provide a contents processing method winch enables 
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,001 3] A contents signal receiving dwice acceding to the pmM «we»on s^ ^ec^ng ^^^^^^ 
Lnen^edconren.ssign.1; stooge me^lors^^^^ 
decoding means lor decoding rher^rf^ 

55f A*o. a conlento receiving •^■^^^^^^ = S 

Mormatton to the contents signal decoded b, ' " e ^ 5ert lnrenlio „ lncU „ K: decoding means *>, decod- 

[00151 Also, a contents process.* dev.ce «^^~f2T»nm*in means lor genetaling log intormalion 

SSSST r r n-, -J. »-£ . - — * lr*ud« reoeMng means to, tec..- 
10016] Also, a contents processmg dev.ce accord.ng «°J™P^°™ '™ e encrypted con tents signal by 

ng an encrypted contents key obtained by encrypting a ^encrypted contents sig- 

ning a distribution key updated every 

S tr^rnmTng Xe accounting information when ^^"^gS^ indudes: receiving means for receiv- 
[0017] Also, a contents processing dev.ceaccord.ng totaprwart ^«™on ma predetermined 
fng a distribution key. which is a key SffiS ^S^Jm*^** accounting 
period; decoding means for decoding the ^^^^^J^^eming the use of the encrypted contents sig- 

iTsrCa?^^^^ 

decoding an encrypted contents key ^"^^^^T^ente^ is decoded; encryption means for 

Lei including storage means for storing information; and a 
mation. and transmission means fcr »g "me^foT^eSing ihe encrypted contents signal and the iden- 
second contents processing dev.ee ^"9™*™* ^cr^ intents signal, and rientification information 
tification information, decoding means for d f^ r ^^^Ss signal decoded by the decoding means, 
appending means for appending the rientfBaton '"formafton « tta contents processing 

SSn Moreover, a contents process.ng •^^SJ^^SJI contents key. log information genera- 
40 deviceincluding decoding meansfor decod.ngan ^Xtc^TZ TdLti^ by the decoding means, storage 
Hon means for generating log ^ r ^J^., *™ * 6 ^^ the log information at predetermined tim- 

100 M ^ ^ meanSf ° r 
carrying out accounting based on the tog l^^^according to the present invention includes the steps of. receiving 
„ [0021] Also, a contents jgna^ ^S^J^^SK signal; decoding the stored encrypted contents 

srren^ 

appending identification information to the | *^«*"* JJ* t0 tne present inve ntion includes the steps of: 
Sng J»^-T3fiKS^ -coding the encrypted contents 
SSnd appenlg toentiication !*^l°cc?l^ inc.udes the steps of: decoding an 

Sedc^™ 

SSi~; and tra^ the log '—^ST^i^ the steps of: receiving an 
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and transmitting the accounting information when the distribution key is updated. 

T00251 Also a contents processing method according to the present invention includes the steps of: receiving a dis- 
tribution key, which is a key for decoding an encrypted contents signal and is updated every predetermined period; 
decoding the encrypted contents signal on the basis of the distribution key; generating accounting information concern- 
ing the use of the encrypted contents signal; storing the accounting information; and transmitting the accounting infor- 
mation when the distribution key is updated. 

Brief Description of the Drawings 

[0026] 

Fig. 1 is a block diagram showing the basic structure of an entire contents distribution system to which the present 
invention is applied. 

Fig.2 is a block diagram showing the structure of a first information processing unit and a second information 
processing unit. 

Fia 3 is a block diagram showing the schematic structure in the case where the first information processing unit, 
holding only a save key, receives and saves contents data to a mass storage unit, in the contents distribution sys- 
tem. 

Fig.4 is a view for illustrating the procedures of mutual authentication processing based on a public key. 

Fia 5 is a block diagram showing the schematic structure in 1he case where the first information processing unit, 
holding a distribution key. receives and saves contents data to a mass storage unit, in the contents distribution sys- 
tem. 

Fig.6 is a flowchart of accounting carried out by the first information processing unit 

Fig 7 is a block diagram showing the schematic structure of a receiving unit of the first information processing unit 
in the contents distribution system according to the first embodiment of the present invention. 

Fig 8 is a block diagram showing the schematic structure of a receiving unit of the second information processing 
unit in the contents distribution system according to the first embodiment of the present invention. 

Fig 9 shows the case where contents data stored in the mass storage unit of the first information processing unit is 
transferred to the second information processing unit in accordance with the first procedure. 

Fig 10 shows the case where contents data stored in the mass storage unit of the f irst information processing unit 
is transferred to the second information processing unit in accordance with the second procedure. 

Fig 11 shows the case where contents data stored in the mass storage unit of the first information processing unit 
is transferred to the second information processing unit in accordance with the third procedure. 

Fig 12 is a block diagram showing the schematic structure of the receiving unit of the first information processing 
unit in the contents distribution system according to the second embodiment of the present invention. 

Fia 1 3 is a block diagram showing the schematic structure of the receiving unit of the second information process- 
ing unit in the contents distribution system according to the second embodiment of the present invention. 

Fig 14 is a block diagram showing the schematic structure of the receiving unit of the first information processing 
unit in the contents distribution system according to the third embodiment of the present invention. 

Fig 15 is a block diagram showing the schematic structure of the receiving unit of the second information process- 
ing unit in the contents distribution system according to the third embodiment of the present invention. 
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Best Mode for Carrying Out the Invention 

|0027] Prefer,* embodiment* of the prese* ihvention will how be der**ed in detail with tote^e to the dtaw- 
transmrtt.ng J^J^ is transferred from the first information processing unit 100. 

« 1». 250. to eto-e the 
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kev Kd and accounting information to the storage module 152. This encryption processing section 150 includes a con- 
15lTe storage module 152. a purchase processing module 153. a mutual authent.cat.on module 154. and 

To^r^^^oo^ section 150. the control section 151 centre* eaC n**u.e in re^se to a 
[0039] m ln *2™JZ r Roller 1 20 and transmits the resultfrom each module to the upper controller 120. The stor- 

M S an' supplies ft. data such as the distribution key Kd when another functional fata* i mmm 
^SSn^rocessing The purchase processing module 153 newly generates use perm.ss.on condrt>on .nforma- 
predetermmed ' p handling policy and price information received from the service prov.der 20. 

ti °H ^t^ToCSmTe Hute !s2 T^e^uaUu^entication module 154 executes mutual authentication 
*"i ° a ^em7unTarSTnec^y generates and supplies a temporary key Kt (session key) to the encryp- 
?*™J%n^Te !S The Sryption/decoding module 155 is constituted by a decoding unit 155a and an encryp- 
!nn1SS ^2 23taSfS*D0d- the contents key Kc encrypted by the distribution key Kd and decodes 
ton unrt J 5 * e ^^'" 9 e U s n V key Kt The encryption gnit 155b encrypts the decoded contents key Kc by a save 
^SSSw^S^^-i*^ «*- moduie 152 through the control section 151. and 

S5T ™T<ZTs£?oS™Z^eO carries out mutua. authentication wfth the encryption 
ST! 50 to reive the contents key Kc. decodes the encrypted contents data supplied from fre ^Z^t^lSL 
VJ^r^rZ kev Kc expands the compressed contents data, and embeds a watermark to the contents data. This 
^JS^^onT^, decoding modu.e 161. an expansion modu.e 162. and an watermark 

^'"'l^e^nfe'nts processing section 160. the decoding moduie 161 decodes the contents data ^storec 1 in the 
[0041] in i mej corae m ^ . K d outputs rt to the expansion module 1 62. The expansion module 162 

&£* 1 T?e encryption processing section 150 and the contents processing section 160 in «» ujJMJO* 

ISST* ThTen^tioTp^c'essing section 250 and the contents processing section 260 provided in the receiving 
So of processing unit 200 have functions similar to those of the encryption process.ng sec- 

ton fsOarS^nfer^process.'ng section 160 of the receiving un* 170 of the firs, informaton process.ng unrt 100. 
and are constituted as a single-chip IC having tiie tamper resistance. 

[□^^th^roceduresltoefor storing the ooi^d^|«^t OT *.ooi«|«^1^t^ 
Ke unifS SSe receiving unit 1 70 of the information processing unit 1 00 of the user w..l be described wrth 

^rusTpe^SnfoLtion. The contents provider 10 then supplies the encrypted contents data Kc (Cent) and 
the enervated contents key Kd (Kc) to the service provider 20 (procedure 2). 

mLS The^eceivina unit 170 of the first information processing unit held by the user rece.ves the encrypted con- 
ESata K^fcirtTarS the encrypted contents key Kd (Kc) from the service provider 20 through satellite c«T,mun.ca- 
£ cS?e SSSSSSTo TtneTnSnet (procedure 3). The receiving unit 170. having received these date, must 
SS^SEISSS user can enjoy the contents. Therefore, the receiving unit 170 obtams the decoded contents 

S£ ^e 70 of the first information processing unit 1 00 transits the encrypted contents key Kd 

mlm^ Tnagement center 30 (procedure 4). In this case, the receiving unit 170 may or may not tem- 
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porarily store the encrypted contents key Kd (Kc) received by the procedure 3 into the mass storage unit 180 (procedure 
5) That is since the receiving unit 170 does not have the distribution key Kd used for the encryption of the contents key 
Kc and therefore cannot decode the encrypted contents key Kd (Kc). the receiving unit 170 temporarily transmits the 
encrypted contents key Kd (Kc) to the key management center 30. 

r00501 At this point, the receiving unit 1 70 of the first information processing unit 100 also transmits the identif ica- 
ton information ID and save key Ks of itself together with the encrypted contents key Kd (Kc^ The key ^"^rnent 
center 30 having received these data, decodes the contents key Kc from the encrypted contents key Kd (Kc) by using 
its own distribution key Kd and re-encrypts the contents key Kc by the save key Ks received from the receding unrt 1 70 
of the user At this point, the key management center 30 further carries out accounting processing in accoidance with 
the identification information of the user. Then, the key management center 30 returns the encrypted contents key Ks 
(Kc) encrypted by the save key Ks to the receiving unit (procedure 6). _ 

100511 The key management center 30 may send these data after encrypting them by us.ng the session key estab- 
lished by mutual authentication with the receiving unit 170. Specifically, in encrypting the contents key or the like .using 
the session key. the receiving unit 170 does not transmit the save key Ksto the key management center 30. and the key 
management center 30 encrypts the contents key Kc by the session key and transmits the encrypted contents key to 
the receiving unit 1 70. After receiving the encrypted contents key or the like encrypted by the se ^ n ^* * e '^ e ™ n n 9 
unit 170 temporarily decodes the contents key Kc or the like by using the session key and encrypts the decoded con- 
tents key Kc or the like by using its own save key Ks. 

[0052] The receiving unit 170. having received the encrypted contents key Ks (Kc) encrypted by the save key Ks. 
saves the encrypted contents key Ks (Kc) to the mass storage unit 180. Since the save key Ks is saved in the storage 
module 152 of the receiving unit 170. the receiving unit 170 can decode the contents key Kc at any time and can also 
decode the contents data Cont from the encrypted contents data Kc (Cent) using this contents key Kc. Although only 
one key is stored in the mass storage unit 180 shown in Fig.3. a number of encrypted contents and contents keys may 

maiSt^ ITSscribed above, in the contents distribution system to which the present invention is applied, the con- 
tents data Cont held by the contents provider 1 0 can be encrypted by the contents key Kc and provided to the receiving 
unit 170 of the user, and the contents key Kc used for the encryption of the contents data Cont can also be encrypted 
and provided to the receiving unit 1 70 of the user. The receiving unit 1 70 of the user can decode the encrypted contents 
key Kc provided thereto and decode the contents data Cont. „„ >t « mte 
30 [0054] The encryption algorithm may be any algorithm as long as it is for encrypting data to prevent the contents 
toereof from being known to a third party. For example, a public key encryption system and a common toy encryption 
system are generally known as the encryption algorithms. The public key encryption system is an encryption algorithm 
using different keys for encryption and for decoding, and is exemplified by RSA encryption and elliptic curve encryptooa 
In this public key encryption system, of the two keys, the key to be made public is called public key and the key secretly 
held by the user is called secret key. On the other hand, the common key encryption system is an encrypton algor thm 
using the same key for encryption and for decoding, and is exemplified by DES (data encryption standard) ^VPf-on. 
FEAL (fast encryption algorithm of NTT) and Misty (of Mitsubishi Electric). In this common key encryption system, the 

key to be used is called common key. . . D w 

[00551 The mutual authentication using the public key encryption between an equipment A and an equipment B for 
confirming whether they are valid counterparts to each other will now be described with reference to F.gA 
[00561 The public key. secret key and identification information of the equipment A are referred to as Kpa. Ksa and 
Da respectively. The public key, secret key and identification information of the equipment B are referred to as Kpb. 
Ksb and IDb. respectively. The public key and secret key of the authentication center are referred to as Kpc and Ksc. 

[00571 t,Vel The certif icate Ca indicating the validity of the public key Kpa of the equipment A is expressed by the follow- 
ing equation (1). 

Ca = IDa + (other information) + Kpa + Siga C) 

[0058] Siga in this equation (1 ) is signature data, which is expressed by the following equation (2). 

Siga = Enc(Hash(IDa + (other information) + Kpa). Ksc) ( 2 ) 

[00591 In the equation (2). Hash( ) is a unidirectional function called hash function. This hash function is a function 
tor compressing data having a long data length to data having a short fixed bit length, and its input is difficult ^ from 
te output The hash function is exemplified by MD (message digest) 5 and SHA (secure hash algorrthm)-1 The hash 
torSonls described in detail in Bruce Schneie, "Applied Cryptography (Second ^IZ^\ 
coupling of data. For example, "16-bit data + 16-bit data" means consecutively arrayed 32-bit data. The sign Enc( ) 
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indicates encryption processing and "Enc(x, y)" indicates encryption of data V using the encryption key y. In this 
case it is assumed tat the public key encryption (e.g., RSA encryption) is used. Although not used in the equation (2). 
"Dec( )" indicates decoding processing and "Enc(x, z)" indicates decoding of data V using the decoding key "z\ The 
certificate Cb indicating the validity of the public key Kpb of the equipment B is similar to the certificate Ca. 
[0060] The mutual authentication is carried out in accordance with the procedures of steps S1 to S4 shown in Fig.4. 
The equipment A and the equipment B hold the certificates Ca, Cb of their respective public keys and the public key 
Kpc of the authentication center, in addition to their respective keys and identification information. 
[0061 ] First, at step S1 , the equipment A generates a random number R1 . Also, the equipment A encrypts the ran- 
dom number R1 by the secret key Ksa to generate authentication data R2, as expressed by the following equation (3). 

R2 s =Enc(R1.Ksa) (3) 

Then the equipment A sends the certificate Ca and authentication data R2 to the equipment B. 
[0062] Subsequently. at step S2. the equipment B verifies whether the certificate 
Ca (= IDa + (other information) + Kpa + Siga) sent from the equipment A is correct or not. Specifically, the equipment 
B first generates D1 = Hash (IDa + (other information) + Kpa) . Then, the equipment B compares D1 with Dec(Siga. 
Kpc) and determines tat the public key Kpa is valid if D1 is coincident with Dec(Siga. Kpc). 

[0063] On determining that the public key Kpa is valid, the equipment B decodes the authentication data R2 by the 
public key Kpa to reproduce the random number R1 , as expressed by the following equation (4). 

R1 = Dec(R2. Kpa) ( 4 ) 

[0064] Next, the equipment B encrypts the random number R1 by the secret key Ksb to generate authentication 
data R3. as expressed by the following equation (5). 

R3 = Enc(R1. Ksb) ( 5 ) 

Then the equipment B sends the certificate Cb and authentication data R3 to the equipment A. 
[0065] Subsequently, at step S3, the equipment A verifies the certificate Cb sent from the equipment B, similarly to 
step S2 and determines whether the public key Kpb is valid or not. On determining that the public key Kpb is valid, the 
equipment A decodes the authentication data R3 by the public key Kpb to generate verification data R4, as expressed 
by the following equation (6). Then, the equipment A compares the verification data R4 with the random number R1. 

R4 = Dec(R3, Kpb) ( 6 ) 

[0066] If the random number R1 and the verification data R4 are coincident with each other, it is determined that 
the equipment B has the valid secret key Ksb and the validity of the equipment B can be confirmed. If not coincident, 
the equipment B can be determined as an invalid equipment that has illegitimately seen the certificate Cb. 
[0067] Next, the equipment A generates authentication data R5 from the random number R1 and authentication 
data R2 using the hash function, as expressed by the following equation (7). 

R5= Hash(R1+R2) C 7 ) 

[0068] Then, the equipment A encrypts the authentication data R5 by the secret key Ksa to generate R6, as 
expressed by the following equation (8). 

R6 = Enc(R5, Ksa) < 8 ) 
Then equipment A then sends R6 to the equipment B. 

[0069] Subsequently, at step S4. the equipment B generates verification data R7 from the random number R1 and 
authentication data R2 using the hash function, as expressed by the following equation (9). 

R7=Hash(R1+R2) ( 9 ) 

[0070] Next, the equipment B decodes R6 sent thereto using the public key Kpa to generate verification data R8. 
expressed by the following equation (10). 

R8= Dec(R6. Kpa) 0°) 
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T0071 1 Then the equipment B compares the verification data R7 with the verification data R8. N these data are coin- 

SIS 

Sev e^amhe^ conditio" or the mm. and decode the encrypted contents in accordance with the use cond- 
For TJZ such conditions that the contents can be decoded only 10 times the - °"^<*£- 
SdeS infuse condrtions appended to the contents key is reduced every t.me the contents key Receded Ateo. 
uS^ Sen cTnd^that coping is prohibited, copy restriction such as prohibition ot decoding ot contents data ,s pro- 
ved in the case where fransfer of contend ^ 

^7^ InTs^ 
is ing of the key management center 30. 

1 The key management center 30 holds in advance the account number or credit card number associated Iwrth the 
idenSbnlSiation. and charges the fee from the bank or credit card company ,n accordance wrth this 
number. 

2. The key management center 30 sends the account number or credit card number together wrth the key every 
time it sends the key. so as to make settlement. 

3. The key management center 30 subtracts the fee from the electronic money stored in the storage module 152 
inside the receiving unit 1 70. 

,00751 in the contents distribution system, as shown in Fig.5. the distribution key Kd is held in advance in the stor- 
EJSodui. iS f 52 J receiving unit 170 of the first information processing unit 100. so that the contents key Kc may 
i*» decoded from the encrypted contents key Kd(Kc) using the distribution key Kd. 

Sj^ln Ss case on receiving the encrypted contents data Kc(Cont) and the encrypted contents key Kd(Kc) pro- 
" 'S rom Se slSce P^vSer 20 through satitte communication, cable communication or the Internet (procedure 3). 
S^SlSir^SSS informaL processing unit 1 00 held by the user decodes the contents key Kc tonta 
!^r«^ COTtente keyKd(Kc) using the distribution key Kd held in the storage module 1 52. then re-encrypts Ihe con- 
^ aZ save kev Ks and saves the result as Ks(Kc) into the mass storage unit 180 (procedure^. More- 

Ita^ « ^ e „^n 8 olth e distti^ OT keyKdhast>^<^odo U tapred«»n»n«ln U «> e .oft, m « 

SSessina ofFta! « the result of discrimination at any of steps S1 1 to 31 3 is YES, the receding unrt 170 traremtethe 
K2*n W to the key management center 30 (step S14). thereby carrying out ^ accountng pr^ng^ 
SeTSJJS l?wS«fcn W is transmitted at step S14. the accounting processing of this time .s reset and the 
m ocessina returns to step S1 1 to start next accounting processing. 

AsSSm in Fig.5. the distribution key Kd is provided in advance to the contente provider 10 from *e key 
^gemem cer^SO (procedure 1). and the encrypted contents data Kc(Cont) and I the encrypted contents key 
KdfKcl are supplied to the service provider 20 from the contents provider 10 (procedure 2)- 

mSS int^e case where the distribution key Kd is thus saved in advance to the storage module 152 of the first .nfor- 
S proceSg^inS the distribution ke Kd used by the contents provider 10 Is updat * W£d£™»£ 
^Sl <e a ^ne month) and in accordance therewith, the distribution key Kd is supplied also to tiie first 'nformation 
pTitSig'uS lOoTom L key management center 30 (procedure 6). In short, since the distnbution key Kd is com- 

^information processing unit 100 will now be described further in detail with reference to F.gs.7 and 8. 
SlT T^eTcryP^/decoding module 155 in the receiving unit 170 of the first information processing unit 100 
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includes the storage module 152, a contents key decoding section 23 for decoding the contents key Kc from the 
encrypted contents key Kd(Kc) encrypted by the distribution key Kd, an identification information appending section 24 
for appending identification information ID proper to the receiving unit 170 to the decoded contents key Kc. and a con- 
tents key encryption section 25 for encrypting the contents key (Kc+ID) having the identification information ID 

5 appended thereto by using the save key Ks' of the second information processing unit 200 as the distribution key, as 
shown in Fig.7. The encryption/decoding module 155 transmits the encrypted contents data Kc(Cont) and the 
encrypted contents key Ks'(Kc+ID) to the second information processing unit 200 through the communication section 
110. Also, the receiving unit 170 is connected to the mass storage unit 180 through an IEEE 1394 interface or the like. 
[0082] In the receiving unit 170 of the first information processing unit 100, the storage module 152 is made up of 

10 a flash memory in an IC chip or the like. The contents key decoding section 23, the identification information appending 
section 24 and the contents key encryption section 25 are constituted by ASIC or programs in the IC chip. 
[0083] The storage module 152 may be a memory (flash memory, EEPROM, etc.) in a single-chip IC having the 
tamper resistance and incorporated in the first receiving unit 170, an IC card capable of sending and receiving data to 
and from the first receiving unit 170, or any storage medium that can prevent a third party from easily confirming the 

is contents thereof. 

[0084] The mass storage unit 1 80 may be any removable or fixed storage medium or storage device such as a hard 
disk, an optical disc, a tape medium or a semiconductor memory. It may also be externally connected to or built inside 
the first receiving unit 170. In these mass storage units 180, the identification information (ID) for identifying the respec- 
tive storage units may be written and this identification information may not be rewritable. 
20 [0085] On the other hand, the receiving unit 270 of the second information processing unit 200 has a contents key 
decoding section 33 in the encryption processing section 250 for decoding the encrypted contents key Ks'(Kc+ID) 
encrypted by the save key Ks' uniquely held by the receiving unit 270, as shown in Fig.8. Also, as the decoding module 
and the watermark embedding module in the contents processing section 260, the receiving unit 270 has a contents 
decoding section 34 for decoding the encrypted contents data Kc(Cont) encrypted by the contents key Kc, an expan- 
ds sion section 35 for expanding the contents data decoded by the contents decoding section 34, and a watermark embed- 
ding section 36 for embedding identification information 1D1 proper to the first information processing unit 100 by 
watermark processing with respect to the contents data expanded by the expansion section 35. The contents data in 
which the identification information ID1 is embedded by watermark embedding is outputted from an output terminal 37. 
The receiving unit 270 receives the encrypted contents data Kc(Cont) and the encrypted contents key Ks'(Kc+ID) from 
30 the first information processing unit 100 through the communication section 210. Moreover, the receiving unit 270 is 
connected to the mass storage unit 280 through an IEEE 1 394 interface or the like. 

[0086] The expansion section 35 is exemplified by an MPEG decoder for decoding data which is coded in accord- 
ance with the MPEG (Moving Picture Experts Group) standard, or an ATRAC decoder for decoding data which is coded 
in accordance with the so-called ATRAC (Adaptive Transform Acoustic Coding) standard. 

35 [0087] A storage module 252 of the receiving unit 270 of the second information processing unit 200 is made up of 
a flash memory in an IC chip, similarly to the storage module 152 in the receiving unit 170 of the first information 
processing unit 100. The contents key decoding section 33, the contents decoding section 34, the watermark embed- 
ding section 36 and the expansion section 35 are constituted by ASIC or programs in the IC chip. 
[0088] The receiving unit 170 of the first information processing unit 100 and the receiving unit 270 of the second 

40 information processing unit 200 have their respective proper identification information (ID1 , ID2). and hold their respec- 
tive unique save keys Ks, Ks'. The save key uniquely held by the receiving unit 170 of the first information processing 
unit 100 is hereinafter referred to as first save key Ks, and the save key uniquely held by the receiving unit 270 of the 
second information processing unit 200 is hereinafter referred to as second save key Ks\ 

[0089] The watermark embedding section 36 of the receiving unit 270 of the second information processing unit 
45 200 is adapted for embedding watermark information to the contents data. With respect to the audio data and image 
data to which the information is embedded by the watermark processing, the embedded information is difficult to 
remove and the information can be taken out even after filtering processing or compression/expansion processing is 
repeated. 

[0090] The procedure for transferring the contents data stored in the mass storage unit 180 of the first information 
so processing unit 100 to the second information processing unit 200 will now be described. 

[0091] First, the first procedures 1 to in the case of transferring the contents data stored in the mass storage unit 
180 of the first information processing unit 100 to the second information processing unit 200 will be described with ref- 
erence to Fig.9. 

[0092] In the case where the contents data is to be transferred from the first information processing unit 1 00 to the 
55 second information processing unit 200 in accordance with the first procedures, the distribution key Kd and the identi- 
fication information ID1 proper to the first information processing unit are saved in advance in the storage module 152 
of the receiving unit 170 of the first information processing unit 100. The first information processing unit 100 receives 
the encrypted contents data Kc(Cont) encrypted by the contents key Kc sent from the service provider 20 through sat- 
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ellite communication or through the Internet and the encrypted contents key Kd(Kc) encrypted by the distribution key 
Kd. by using the receiving unit 170 (procedure 1), and saves the received encrypted contents data Kc(Cont) and 
encrypted contents key Kd(Kc) to the mass storage unit 180 (procedure 2). 

[0093] Then, in the first procedures, mutual authentication is first carried out between the first information process- 
ing unit 100 and the second information processing unit 200 in order to make a contents transfer request from the sec- 
ond information processing unit 200 to the first information processing unit 100 (procedure 3). This mutual 
authentication is first carried out between the first information processing unit 100 and the second information process- 
ing unit 200 in order to make a contents transfer request to the first information processing unit 1 00 in response to user- 
designated information inputted from the operation input section 230 to the upper controller 220 in the receiving unit 270 
of the second information processing unit 200 shown in Fig.2. The mutual authentication processing may be carried out 
through the communication sections 1 10, 210 between the first information processing unit 100 and the second infor- 
mation processing unit 200 by inputting a signal from a remote controller, not shown, or operation input data due to the 
operation of an input button, not shown, that is. user-designated information from the operation input section 130 to the 
upper controller 120 in the receiving unit 170 of the first information processing unit 100 shown in Fig.2. 
[0094] Subsequently, the receiving unit 270 of the second information processing unit 200 encrypts by the session 
key a contents request command including the contents number of the contents which the user wants to copy from the 
first information processing unit 1 00 and the second save key Ks\ and sends the encrypted contents request command 
to the receiving unit 170 of the first information processing unit 100 (procedure 4). 

[0095] The receiving unit 170 of the first information processing unit 100, having received the contents request 
command, decodes the received data by the session key and thus obtains the contents number and the second save 
key Ks'. The receiving unit 1 70 then retrieves and takes out the contents and the contents key corresponding to the con- 
tents key from the mass storage unit 180 (procedure 5). Subsequently, the receiving unit 170 of the first information 
processing unit 1 00 causes the contents key decoding section 23 to decode the contents key Kc by the distribution key 
Kd held in the storage module 152 (procedure 6), and causes the identification information appending section 24 to 
append its own identification information ID1 to the decoded contents key Kc (procedure 7). For example, if the contents 
key Kc is expressed as "0123456789ABCDEF" while the identification information ID1 of the first information process- 
ing unit 100 is expressed as "00001 1 1 122223333", the key data having the identification information appended thereto 
is expressed as "0123456789ABCDEF00001 1 1 122223333". 

[0096] Subsequently, the receiving unit 170 of the first information processing unit 100 causes the contents key 
encryption section 25 to encrypt the contents key Kc having its own identification information ID1 appended thereto, by 
using the second save key Ks* (procedure 8). Then, the receiving unit 170 of the first information processing unit 100 
transmits the encrypted contents key Ks*(Kc+ID1) which has the identification information appended thereto and is 
encrypted and the encrypted contents data Kc(Cont) to the receiving unit 270 of the second information processing unit 
200 through the communication section 1 10 (procedure 9). 

[0097] The receiving unit 270 of the second information processing unit 200 receives the encrypted contents key 
Ks'(Kc+ID) and the encrypted contents data Kc(Cont) transmitted from the first information processing unit 100, through 
the communication section 210, and saves these key and data to the mass storage unit 280 (procedure 10). 
[0098] Then, the receiving unit 270 of the second information processing unit 200 causes the contents key decod- 
ing section 33 to decode the received encrypted contents key Ks (Kc+ID) using the second save key Ks* stored in the 
storage module 252 (procedure 11). The receiving unit 270 of the second information processing unit 200 can obtain 
the contents key Kc and the identification information ID1 of the first information processing unit 100 by decoding the 
encrypted contents key Ks*(Kc+ID1). Also, the receiving unit 270 of the second information processing unit 200 causes 
the contents decoding section 34 to decode the received encrypted contents data Kc(Cont) using the contents key Kc 
(procedure 12). The expansion section 35 performs predetermined expansion processing on the contents data 
decoded by the contents decoding section 34. For example, rf the contents data are music data compressed in accord- 
ance with the ATRAC standard, the expansion section 35 carries out ATRAC expansion processing to convert the con- 
tents data to PCM data (procedure 13). Then, the watermark embedding section 36 embeds the identification 
information ID1 proper to the first information processing unit 100, obtained by the contents key decoding section 33 
decoding the encrypted contents key Ks'(Kc+ID1), to the contents data expanded by the expansion section 35 by the 
watermark processing, and outputs the resultant data through the output terminal 37 (procedure 14). 
[0099] The foregoing is the first procedures for transferring and reproducing the contents data stored in the mass 
storage unit 180 of the first information processing unit 100 to the second information processing unit 200. 
[0100] The second procedures for transferring and reproducing the contents data stored in the mass storage unit 
1 80 of the first information processing unit 1 00 to the second information processing unit 200 will now be described with 
reference to Fig. 10. 

[0101] While the contents request command including the contents number of the contents to be copied and the 
second save key Ks* is sent in the procedure 4 in accordance with the above-described first procedures 1 to 1 4, the sec- 
ond save key Ks' is registered in advance to the storage module 152 of the receiving unit 170 of the first information 
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processing unit 100 in accordance with the following second procedures 1 to 16. 

[0102] Also in the case where the contents data is to be transferred from the first information processing unit 100 
to the second information processing unit 200 in accordance with the second procedures, the distribution key Kd and 
the identification information ID1 proper to the first information processing unit are saved in advance to the storage 

5 module 152 of the receiving unit 170 of the first information processing unit 100. The first information processing unit 
100 causes the receiving unit 170 to receive the encrypted contents data Kc(Cont) encrypted by the contents key Kc 
sent from the service provider 20 through satellite communication or through the Internet and the encrypted contents 
key Kd(Kc) encrypted by the distribution key Kd (procedure 1), and saves the received encrypted contents data 
Kc(Cont) and encrypted contents key Kd(Kc) to the mass storage unit 180 (procedure 2). 

w [0103] In accordance with the second procedures, registration operation for registering the second save key Ks* to 
the first receiving unit 1 70 is carried out. In starting the registration operation, a mutual authentication request is sent 
from the receiving unit 270 of the second information processing unit 200 to the receiving unit 1 70 of the first information 
processing unit 100 by inputting a signal from a remote controller, not shown, or operation input data due to the opera- 
tion of an input button, not shown, that is. user-designated information from the operation input section 230 to the upper 

15 controller 220 (procedure 3). After that, mutual authentication is carried out between both units and a session key is 
shared (procedure 4). Subsequently, the receiving unit 270 of the second information processing unit 200 encrypts a 
registration request command including the second save key Ks' by the session key and sends the encrypted registra- 
tion request command to the first receiving unit 1 70. The receiving unit 1 70 of the first information processing unit 1 00, 
having received the command, registers the second save key Ks* of the second information processing unit 200 to the 

pc storage module 152 (procedure 5). 

[0104] Subsequently, the receiving unit 270 of the second information processing unit 200 encrypts the contents 
request command including the contents number of the contents to be copied from the first information processing unit 
1 00. by using the session key, and sends the encrypted contents request command to the receiving unit 1 70 of the first 
information processing unit 100 (procedure 6). Having received this, the receiving unit 170 of the first information 

r< processing unit 100 decodes the received data by the session key so as to obtain the contents number. Then, the 
receiving unit 170 of the first information processing unit 100 retrieves and takes out the encrypted contents data 
Kc(Cont) and encrypted contents key Kd(Kc) corresponding to the contents number from the mass storage unit 180 
(procedure 7). 

(0105] Subsequently, the receiving unit 1 70 of the first information processing unit 100 decodes the contents key 
Kc from the encrypted contents key Kd(Kc) by the distribution key Kd in the storage module 152 (procedure 8). and 
c*jpends its own identification information ID1 to the decoded contents key Kc (procedure 9). Subsequently, the receiv- 
ing unit 1 70 encrypts this data (Kc+ID 1) using the second save key Ks' registered to the storage module 1 52 (procedure 
10) Then, the receiving unit 170 of the first information processing unit 100 transmits the encrypted contents key 
Ks (KolDl ) which has the identification information ID1 appended thereto and is encrypted and the encrypted contents 
data Kc(Cont) to the receiving unit 270 of the second information processing unit 200 though the communication sec- 
ton 110 (procedure 1 1). 

(0106] Subsequently, the receiving unit 270 of the second information processing unit 200 receives the encrypted 
contents key Ks'(Kc+ID1) and the encrypted contents data Kc(Cont) transmitted from the receiving unit 170 of the first 
information processing unit 100, and take them into the mass storage unit 280 (procedure 12). Then, the receiving unit 

4c 270 causes the contents key decoding section 33 to decode the contents key Kc and the identification information ID1 
from the received encrypted contents key Ks'(Kc+ID1) by using the second save key Ks' stored in the storage module 
252 (procedure 13). The receiving unit 270 of the second information processing unit 200 can obtain the contents key 
Kc and the identification information ID1 of the receiving unit 170 of the first information processing unit 100 by decod- 
ing the encrypted contents key Ks'fKc+IDI). The receiving unit 270 of the second information processing unit 200 

45 causes the contents decoding section 34 to decode the contents data from the encrypted contents data Kc(Cont) using 
the contents key Kc (procedure 14). The expansion section 35 performs expansion processing on the contents data 
decoded by the contents decoding section 34. For example, the expansion section 35 carries out ATRAC expansion 
processing to obtain PCM data (procedure 15). Then, the watermark embedding section 36 embeds the identification 
information ID1 proper to the first information processing unit 100 obtained by decoding the encrypted contents key 

so Ks*(Kc+ID1) by the contents key decoding section 33. to the contents data expanded by the expansion section 35 by 
watermark embedding processing, and outputs the resultant data from the output terminal 37 (procedure 16). 
[0107] The foregoing is the second procedures for transferring and reproducing the contents data stored in the 
mass storage unit 180 of the first information processing unit 100 to the second information processing unit 200. 
[0108] The third procedures for transferring and reproducing the contents data stored in the mass storage unit 180 

55 of the first information processing unit 1 00 to the second information processing unit 200 will now be described with ref- 
erence to Fig.11. 

[0109] While the identification information ID1 of the first information processing unit 100 is appended to the con- 
tents key Kc in copying (transferring) to the second information processing unit 200 in accordance with the above- 
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described first procedures, the identification information ID1 of the first information processing unit 100 is appended in 
advance to the contents key Kc and then stored in the mass storage unit 1 80 in accordance with the following third pro- 
cedures. 

[01 1 0] Specifically, in the case where the contents data is to be transferred from the first information processing unit 
5 100 to the second information processing unit 200 in accordance with the third procedures, the distribution key Kd and 
the identification information ID1 proper to the first information processing unit are saved in advance to the storage 
module 152 of the receiving unit 170 of the first information processing unit 100. The first information processing unit 
100 causes the receiving unit 170 to receive the encrypted contents data Kc(Cont) encrypted by the contents key Kc 
sent from the service provider 20 through satellite communication or through the Internet and the encrypted contents 
10 key Kd(Kc) encrypted by the distribution key Kd (procedure 1), and saves the received encrypted contents data 
Kc(Cont) and encrypted contents key Kd(Kc) to the mass storage unit 180 (procedure 2). 

[01 1 1 ] In accordance with the third procedures, in the receiving unit 1 70 of the first information processing unit 1 00. 
the contents key decoding section 23 decodes the encrypted contents key Kd(Kc) encrypted by the distribution key Kd. 
by using the distribution key Kd held in the storage module 152 (procedure 3). The identification information appending 
is section 24 appends the identification information ID1 of the first information processing unit 100 to the contents key Kc 
decoded by the contents key decoding section 23 (procedure 4). The contents key encryption section 25 encrypts the 
contents key Kc+ID1 having the identification information ID1 appended thereto by the identification information 
appending section 24, by using the first save key Ks (procedure 5). 

[0112] Then, in accordance with the third procedures, the encrypted contents key Ks(Kc+ID1) encrypted by the 
20 contents key encryption section 25 is saved into the mass storage unit 180 (procedure 6). 

[0113] In the state where the encrypted contents data Kc(Cont) encrypted by the contents key Kc and the 
encrypted contents key Ks(Kc+ID1) encrypted by the first save key Ks are saved in the mass storage unit 180, by input- 
ting operation input data, that is, user-designated information from the operation input section 230 of the receiving unit 
270 of the second information processing unit 200 shown in Fig.2 to the upper controller 220, a contents request com- 
25 mand for requesting transfer of contents is transmitted from the second information processing unit 200 to the first infor- 
mation processing unit 100 (procedure 7), thus carrying out mutual authentication between the first information 
processing unit 100 and the second information processing unit 200 (procedure 8). 

[0114] In the procedure 7, the receiving unit 270 of the second information processing unit 200 encrypts the con- 
tents request command including the contents number of the contents to be copied (transferred) from the first informa- 

30 tion processing unit 100 by using the session key and sends the encrypted contents request command to the receiving 
unit 170 of the first information processing unit 100. The receiving unit 170 of the first information processing unit 100, 
having received the contents request command, obtains the contents number by decoding the received data by the ses- 
sion key after completion of the mutual authentication of the procedure 8, and retrieves and takes out the encrypted 
contents data Kc(Cont) and encrypted contents key Ks(Kc+ID1 ) corresponding to the contents data from the mass stor- 

35 age unit 1 80 (procedure 9). 

[0115] Subsequently, the receiving unit 170 of the first information processing unit 100 causes the contents key 
decoding section 23 to decode the contents key (Kc+ID1) having the identification information ID appended thereto 
from the encrypted contents key Ks(Kc+ID1) by using the first save key Ks in the storage module 152 (procedure 10), 
and causes the contents key encryption section 25 to encrypt the decoded contents key (Kc+ID1) using the second 

40 save key Ks f registered to the storage module 152 (procedure 1 1). Then, the receiving unit 1 70 transmits the encrypted 
contents key Ks'(Kc+ID1) which has the identification information ID1 appended thereto and is encrypted and the 
encrypted contents data Kc(Cont) to the receiving unit 270 of the second information processing unit 200 through the 
communication section 110 (procedure 12). 

[0116] Subsequently, the receiving unit 270 of the second information processing unit 200 receives the encrypted 
45 contents key Ks(Kc+lD1 ) and the encrypted contents data Kc(Cont) transmitted from the receiving unit 1 70 of the first 
information processing unit 100, and take them into the mass storage unit 280 (procedure 13). Then, the receiving unit 
270 causes the contents key decoding section 33 to decode the contents key (Kc+ID1) having the identification infor- 
mation ID1 appended thereto from the received encrypted contents key Ks'(Kc+ID1) by using the second save key Ks f 
stored in the storage module 252 (procedure 14). The identification information need not be appended to the contents 
so key if it is transmitted together with the contents key. The receiving unit 270 of the second information processing unit 
200 can obtain the contents key Kc and the identification information ID1 of the receiving unit 170 of the first information 
processing unit 100 by decoding the encrypted contents key Ks'(Kc+ID1). The receiving unit 270 of the second infor- 
mation processing unit 200 causes the contents decoding section 34 to decode the contents data from the encrypted 
contents data Kc(Cont) using the contents key Kc (procedure 15). 
55 [01 1 7] Subsequently, in the receiving unit 270 of the second information processing unit 200, the expansion section 
35 performs expansion processing on the contents data decoded by the contents decoding section 34. For example, 
the expansion section 35 converts the contents data to PCM data by ATRAC expansion processing (procedure 16). 
Then, the watermark embedding section 36 embeds the identification information ID1 proper to the first information 
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processing unit 100 obtained by decoding the contents key (Kc+ID1) having the identification information appended 
thereto from the encrypted contents key Ks*(Kc+ID1) by the contents key decoding section 33, to the contents data 
expanded by the expansion section 35 by watermark embedding processing, and outputs the resultant data from the 
output terminal 37 (procedure 17). 

5 [0118] The foregoing is the third procedures for transferring and reproducing the contents data stored in the mass 
storage unit 180 of the first information processing unit 100 to the second information processing unit 200. 
[0119] By transferring the contents data stored in the mass storage unit 180 of the first information processing unit 
100 to the second information processing unit 200 in accordance with the above-described procedures, the identifica- 
tion information proper to the first information processing unit 1 00 that purchased the contents data is embedded to the 
w copied contents data by watermark embedding processing. Therefore, even when a malicious user tries to duplicate 
and sell the contents data, the identification information of the first information processing unit 1 00 of the user who pur- 
chased the contents data is written to the contents data, and the user who conducted illegal duplication or the like with- 
out having any contact can be traced, thus improving the crime deterrence. Also, the structures of the first information 
processing unit 100 and the second information processing unit 200 can be simplified to enable efficient embedding of 

15 the identification information ID1 of the first information processing unit 100 to the contents data. 

[0120] In the above-described first to third procedures, the contents data and contents key received through satel- 
lite communication or through the Internet are once saved in the mass storage unit 1 80 of the first information process- 
ing unit 100. However, the contents data may be transferred to the second information processing unit 200 as it is in 
accordance with the first to third procedures. 

20 [0121 ] In the encryption using the second save key Ks f before the transmission of the contents key to the second 
information processing unit 200, information indicating that the contents key Kc for encryption is copied (transferred) 
may be appended. This enables limitation of the use conditions of the contents key Kc in the second information 
processing unit 200, having received the contents key. For example, in the case where information indicating that copy 
(transfer) is not permitted is appended as the copyright information of the contents, digital output of the contents data 

25 can be stopped in the second information processing unit 200. 

[0122] Moreover, though the encrypted contents data is electronically distributed through the Internet or through 
satellite communication in the above-described first embodiment, the encrypted contents data may also be supplied 
through an information recording medium such as CD-ROM. 

[0123] A second embodiment of the present invention will now be described with reference to Figs.1 , 1 2 and 13. 

30 [0124] In the description of the second embodiment, the same constituent elements as those described in the first 
embodiment are denoted by the same numerals in the drawings and will not be described further in detail. 
[0125] In the second embodiment, the receiving unit 170 of the first information processing unit 100 has a mutual 
authentication section 43 for carrying out mutual authentication with the receiving unit 270 of the second information 
processing unit 200 through a mutual authentication interface 45, and a session key generation section 44 for generat- 

35 ing a session key used for the mutual authentication, as the mutual authentication module 154 of the encryption 
processing section 150, as shown in Fig. 12. The receiving unit 1 70 has a contents key decoding section 23 for decod- 
ing the contents key Kc from the encrypted contents key Kd(Kc) encrypted by the distribution key Kd, an identification 
information appending section 24 for appending the identification information ID1 proper to the first information 
processing unit 100 to the decoded contents key Kc, and a contents key encryption section 42 for encrypting the con- 

40 tents key Kc by a session key Kt. as the encryption/decoding module 1 55 of the encryption processing section 1 50. The 
receiving unit 170 transmits the encrypted contents key Kt(Kc) encrypted by the contents key encryption section 42 to 
the second information processing unit 200 through the communication section 1 10. In the storage module 152 of the 
receiving unit 1 70 of the first information processing unit 100, the distribution key Kd, the first save key Ks. and the iden- 
tification information ID1 proper to the first information processing unit 1 00 are saved. In the mass storage unit 1 80, the 

ts contents data Kc(Cont) encrypted by the contents key Kc and the encrypted contents key Kd(Kc) encrypted byte distri- 
bution key Kd are saved. 

[01 26] The receiving unit 270 of the second information processing unit 200 has a mutual authentication section 53 
for carrying out mutual authentication with the receiving unit 170 of the first information processing unit 100 through a 
mutual authentication interface 56, and a session key generation section 54 for generating a session key Kt used for 

jo encryption after the mutual authentication, as the mutual authentication module of the encryption processing section 
250, as shown in Fig. 13. Also, the receiving unit 270 has a contents key decoding section 52 for decoding the 
encrypted contents key Kt(Kc) encrypted by the session key Kt, and a contents key encryption section 55 for encrypting 
the decoded contents key Kc by the second save key Ks' uniquely held by the second information processing unit 200 
and saving the encrypted contents key to the mass storage unit 280. The receiving unit 270 of the second information 

.-5 processing unit 200 also has a contents decoding section 34 for decoding the contents data from the encrypted con- 
tents data Kc(Cont) encrypted by the contents key Kc, an expansion section 35 for expanding the contents data 
decoded by the contents decoding section 34, and a watermark embedding section 36 for embedding the identification 
information ID1 proper to the first information processing unit 1 00 to the contents data expanded by the expansion sec- 
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tion 35 by watermark embedding processing, as the decoding module and the watermark embedding module in the 
contents processing section 260. The receiving unit 270 outputs the contents data to which the identification information 
ID1 is embedded by the watermark embedding section 36, from an output terminal 37. 

[01 27] In the second embodiment, the first information processing unit 1 00 causes the receiving unit 1 70 to receive 
5 the encrypted contents data Kc(Cont) encrypted by the contents key Kc sent from the service provider 20 through sat- 
ellite communication or through the Internet and the encrypted contents key Kd(Kc) encrypted by the distribution key 
Kd (procedure 1), and saves the received encrypted contents data Kc(Cont) and encrypted contents key Kd(Kc) to the 
mass storage unit 180 (procedure 2). 

[0128] In transferring(copying) the encrypted contents data Kc(Cont) from the first information processing unit 100 
10 to the second information processing unit 200, the mutual authentication is carried out between the mutual authentica- 
tion section 43 of the receiving unit 1 70 of the first information processing unit 1 00 and the mutual authentication section 
53 of the receiving unit 270 of the second information processing unit 200, by inputting operation input data, that is. 
user-designated information from the operation input section 230 of the receiving unit 270 of the second information 
processing unit 200 shown in Fig.2 to the upper controller 220 (procedure 3). In this case, the session key Kt is gener- 
15 ated and shared by the session key generation section 44 of the receiving unit 170 of the first information processing 
unit 100 and the session key generation section 45 of the receiving unit 270 of the second information processing unit 
200 (procedure 4). 

[0129] Subsequently, the receiving unit 270 of the second information processing unit 200 encrypts by the session 
key Kt a contents request command including the contents number of the contents data to be copied from the receiving 
20 unit 1 70 of the first information processing unit 100, and sends the encrypted contents request command to the receiv- 
ing unit 170 of the first information processing unit 100 (procedure 5). 

[0130] The receiving unit 170 of the first information processing unit 100, having received the contents request 
command, decodes the received data by the session key Kt so as to obtain the contents number. Then, the receiving 
unit 170 retrieves and takes out the encrypted contents data Kc(Cont) and encrypted contents key Kd(Kc) correspond- 

25 ing to the contents number from the mass storage unit 1 80 of the first information processing unit 1 00 (procedure 6). 
[0131] Subsequently, the receiving unit 170 of the first information processing unit 100 causes the contents key 
decoding section 23 to decode the contents key Kc from the encrypted contents key Kd(Kc) by the distribution key Kd 
held in the storage module 1 52 (procedure 7), and causes the identification information appending section 24 to append 
its own identification information ID1 to the decoded contents key Kc (procedure 8). 

30 [0132] Subsequently, the receiving unit 170 of the first information processing unit 100 causes the contents key 
encryption section 42 to encrypt the contents key (Kc+ID1) having its own identification information ID1 appended 
thereto, by using the session key Kt (procedure 9). Then, the receiving unit 170 transmits these encrypted contents key 
Kt(Kc+ID1) and encrypted contents data Kc(Cont) to the receiving unit 170 of the second information processing unit 
200 through the communication section 1 1 0 (procedure 10). 

35 [0133] The receiving unit 270 of the second information processing unit 200 receives, through the communication 
section 210, the encrypted contents key Kt(Kc+ID1) encrypted by the session key Kt and the encrypted contents data 
Kc(Cont) encrypted by the contents key Kc. transmitted from the receiving unit 170 of the first information processing 
unit 100 (procedure 1 1). The receiving unit 270 of the second information processing unit 200 causes the contents key 
decoding section 52 to decode the received encrypted contents key Kt(Kc+ID1) using the session key Kt generated by 

40 the session key generation section 54 (procedure 1 2). 

[0134] The receiving unit 270 of the second information processing unit 200 can obtain the contents key Kc and the 
identification information ID1 of the first information processing unit 100 by decoding the contents key (Kc+ID1) having 
the identification information appended thereto from the encrypted contents key Kt(Kc+ID1). The receiving unit 270 of 
the second information processing unit 200 causes the contents decoding section 34 to decode the contents data Cont 

45 from the encrypted contents data Kc(Cont) using the contents key Kc (procedure 13). Then, the expansion section 35 
performs ATRAC expansion processing or the like on the contents data decoded by the contents decoding section 34 
(procedure 14). Then, the watermark embedding section 36 embeds the identification information ID1 proper to the first 
information processing unit 100 obtained by causing the contents key decoding section 33 to decode the contents key 
(Kc+ID1) having the identification information appended thereto from the contents key Kt(Kc+ID1), to the contents data 

so Cont decoded by the contents decoding section 34 by watermark embedding processing, and outputs the resultant data 
through the output terminal 37 (procedure 15). 

[0135] Also, the receiving unit 270 of the second information processing unit 200 causes the contents key encryp- 
tion section 55 to encrypt the contents key Kc decoded by the contents key decoding section 52, by using the second 
save key Ks' stored in the storage module 252. Then, the receiving unit 270 stores the encrypted contents key Ks'(Kc) 
55 encrypted by the second save key Ks' to the mass storage unit 280 (procedure 1 6). 

[0136] By transferring the contents data stored in the mass storage unit 180 of the first information processing unit 
100 to the second information processing unit 200 in accordance with the above-described procedures, the identifica- 
tion information ID1 proper to the first information processing unit 100 that purchased the contents data is embedded 
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to the transferred contents data by watermark embedding processing. Therefore, even when a malicious user tries to 
duplicate and sell the contents data, the identification information of the user who purchased the contents data is written 
to the contents data, and the user who conducted illegal duplication or the like without having any contract can be 
traced, thus improving the crime deterrence. Also, the structures of the first information processing unit 1 00 and the sec- 
5 ond information processing unit 200 can be simplified to enable efficient embedding of the identification information ID1 
of the first information processing unit 100 to the contents data. In addition, particularly in the second embodiment, 
since it is not necessary to transmit and supply the second save key Ks f of the second information processing unit 200 
to the first information processing unit 100, the safety is further improved. 

[0137] A third embodiment of the present invention will now be described with reference to Figs.1 , 2, 14 and 15. 

10 [0138] In the third embodiment, the contents provider 10, which holds non-encrypted contents (e.g., music data, 
image data, text data such as books, still image data, etc.), encrypts the contents data (Cont) by the contents key Kc 
held or generated by the provider itself, and supplies the encrypted contents data to the service provider 20, as shown 
in Fig. 14 (procedure 1). The contents provider 10 supplies the contents key Kc to the key management center 30 (pro- 
cedure 2). This contents key Kc may be different from contents to contents or may be the same. 

is [0139] The key management center 30 encrypts the contents key Kc by its own distribution key (which may be dif- 
ferent for each receiving unit 170 of the user or may be common to all the receiving units) Kd, and supplies the 
encrypted contents key Kd(Kc) encrypted by the distribution key Kd to the receiving unit 170 of the user in response to 
the request from the receiving unit 170 of the user (procedure 3). 

[0140] The receiving unit 170 of the information processing unit 100 of the user receives the encrypted contents 

20 data Kc(Cont) encrypted by the contents key Kc from the service provider 20 through satellite communication, cable 
communication or the Internet (procedure 4). The receiving unit 170, having received the encrypted contents data 
Kc(Cont), requests the contents key Kc for decoding from the key management center 30 in order to decrypt the data 
(procedure 5). On receiving the request for transmission of the contents key Kc, the key management center 30 trans- 
mits the encrypted contents key Kd(Kc) encrypted by the distribution key Kd to the information processing unit 100 of 

25 the user (procedure 6). At this point the key management center 30 simultaneously carries out accounting processing. 
This accounting processing may be carried out by drawing the fee from the bank account of the user registered to the 
key management center 30 or by having the credit card number sent from the receiving unit 170 of the user and then 
charging the fee in accordance with this card number. Alternatively, the necessary fee may be drawn from the prepaid 
amount accumulated on the IC card provided in the receiving unit 170 of the information processing unit 100. 

30 [0141 ] The receiving unit 1 70 of the information processing unit 1 00 of the user, having received the encrypted con- 
tents key Kd(Kc), decodes the contents key Kc from the encrypted contents key Kd(Kc) using the distribution key Kd 
held in the storage module 152, and thus can decode the encrypted contents using the decoded contents key Kc. 
[0142] The receiving unit 170 of the information processing unit 100 encrypts the decoded contents key Kc by its 
unique save key Ks and saves the encrypted contents key to the mass storage unit 180 (procedure 7). This is because 

35 the distribution key Kd used for distributing the contents key Kc may be changed every predetermined period. Also, sav- 
ing the contents key Kc without encryption is essential the same as saving the contents without encryption, and there 
is a possibility that a third party can freely see the contents. Also, by encrypting the contents key Kc by its own save key 
Ks, the receiving unit 170 of the user can use the contents without having the fee charged again in decoding the same 
contents. 

40 [0143] The procedures for decoding the encrypted contents data Ks(Cont) encrypted by the save key Ks and for 
transferring the decoded contents data to another equipment by the information processing unit 1 00 of the user will now 
be described. 

[0144] In the mass storage unit 180 of the receiving unit 1 70 of the information processing unit 100. the encrypted 
contents data Kc(Cont) and the encrypted contents key Ks(Kc) are saved. In the storage module 152 provided inside 

45 the receiving unit 170, the save key Ks and the identification information (ID) of this receiving unit 170 are saved. 

[0145] In the case where the contents data is to be decoded from the encrypted contents data Kc(Cont) in the mass 
storage unit 180 and transferred to another equipment, the receiving unit 1 70 of the information processing unit 1 00 first 
reads out the encrypted contents key Ks(Kc) from the mass storage unit 180 (procedure 1), and causes a contents key 
decoding section 1 13 to decode the usable contents key Ks from the encrypted contents key Ks(Kc) using the save key 

so Ks read out from the storage module 152 (procedure 2). Next, the receiving unit 170 reads out the encrypted contents 
data Kc(Cont) from the mass storage unit 180 (procedure 3). causes a contents decoding section 1 14 to decode the 
contents data from the encrypted contents data Kc(Cont) using the contents key Kc (procedure 4), causes an expan- 
sion section 1 16 to expand the decoded contents data to PCM data by ATRAC processing (procedure 5), and then 
causes a watermark embedding section 1 15 to embed the identification information proper to the receiving unit 1 70 to 

55 the expanded contents data and to output the resultant data through an output terminal 118 (procedure 6). 

[0146] In the case where this contents data is to be transferred to another device, the receiving unit 1 70 causes a 
contents encryption section 11 7 to encrypt the contents data by the same contents key Kc and outputs the encrypted 
contents data Kc(Cont) through an output terminal 1 1 9 (procedure 7). 
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[0147] Thus, the identification information proper to the receiving unit 170 in the information processing unit 100 of 
the user who purchased the contents is embedded by watermark embedding processing to the contents data trans- 
ferred from the receiving unit 1 70 to an external device. Therefore, even when a malicious user tries to duplicate and 
sell the contents data, the identification information of the user who purchased the contents is written to the contents 
data, and the user who conducted illegal duplication or the like can be traced, thus improving the crime deterrence. 

Claims 

1. A contents signal receiving device comprising: 

receiving means for receiving an encrypted contents signal; 

storage means for storing the encrypted contents signal received by the receiving means; 

75 decoding means for decoding the encrypted contents signal stored in the storage means when an instruction 

to decode the encrypted contents signal stored in the storage means is given as user-designated information; 
and 

identification information appending means for appending identification information to the contents signal 
20 decoded by the decoding means. 

2. The contents signal receiving device as claimed in claim 1 , wherein the identification information is the identification 
information proper to the contents signal receiving device. 

25 3. The contents signal receiving device as claimed in claim 1 , wherein the identification information is embedded to 
the contents signal as a watermark. 

4. The contents signal receiving device as claimed in claim 1 , wherein the encrypted contents signal is encrypted by 
a contents key; 



30 



35 



40 



45 



the receiving means receiving the contents key; 

the decoding means decoding the encrypted contents signal using the contents key received by the receiving 
means. 

5. The contents signal receiving device as claimed in claim 4, wherein the contents key is encrypted by a distribution 
key; 

the receiving means receiving the contents key encrypted by the distribution key; 

the decoding means decoding the contents key encrypted by the distribution key and decoding the encrypted 
contents signal using the decoded contents key. 

6. The contents signal receiving device as claimed in claim 4, wherein the distribution key is periodically updated. 

7. A contents signal receiving device comprising: 



receiving means for receiving an encrypted contents signal and identification information from an external 
device; 

so decoding means for decoding the encrypted contents signal; and 

identification information appending means for appending identification information to the contents signal 
decoded by the decoding means. 

8. The contents signal receiving device as claimed in claim 7, wherein the identification information is the identification 
55 information proper to the external device. 

9. The contents signal receiving device as claimed in claim 7, wherein the identification information is embedded to 
the contents signal as a watermark. 
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10. A contents processing device comprising: 

decoding means for decoding an encrypted contents signal using a contents key; 

5 log information generation means for generating log information every time the contents key is decoded by the 

decoding means; 

storage means for storing the log information; and 
10 transmission means for transmitting the log information at predetermined timing. 

1 1 . The contents processing device as claimed in claim 10. further comprising receiving means for receiving a contents 
key for decoding the encrypted contents signal. 

75 the decoding means decoding the encrypted contents signal using the contents key received by the receiving 

means. 

12. The contents processing device as claimed in claim 10, wherein the receiving means receives the encrypted con- 
tents signal. 

20 

13. The contents processing device as claimed in claim 10, wherein the transmission mews transmits the log informa- 
tion every predetermined period. 

14. The contents processing device as claimed in claim 10, wherein the contents key received by the receiving means 
25 is encrypted by a distribution key updated every predetermined period, 

the transmission means transmitting the log information when the distribution key is decoded a predetermined 
number of times. 

30 15. The contents processing device as claimed in claim 10, wherein the contents key received by the receiving means 
is encrypted by a distribution key updated every predetermined period. 

the transmission means transmitting the log information when the distribution key is updated. 

36 16. The contents processing device as claimed in claim 15, wherein the predetermined period is a constant period. 

17. The contents processing device as claimed in claim 10. wherein the contents key is provided for each type of con- 
tents signal, the device further comprising: 

40 encryption means for encrypting each contents key decoded by the decoding means, by using a save key; and 

storage means for storing the contents key encrypted by the encryption means. 

18. A contents processing device comprising: 

45 receiving means for receiving an encrypted contents key obtained by encrypting a contents key for decoding 

an encrypted contents signal by using a distribution key updated every predetermined period; 
decoding means for decoding the encrypted contents signal by the contents key; 

accounting information generation means for generating accounting information concerning the use of the 
encrypted contents signal; 
so storage means for storing the accounting information; and 

transmission means for transmitting the accounting information when the distribution key is updated. 

19. A contents processing device comprising: 

55 receiving means for receiving a distribution key. which is a key for decoding an encrypted contents signal and 

is updated every predetermined period; 

decoding means for decoding the encrypted contents signal on the basis of the distribution key; 
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accounting information generation means for generating accounting information concerning the use of the 
encrypted contents signal; 

storage means for storing the accounting information; and 

transmission means for transmitting the accounting information when the distribution key is updated. 

20. The contents processing device as claimed in claim 19, wherein the encrypted contents signal is encrypted by 
using a contents key; 

the receiving means receiving the contents key encrypted by using the distribution key; 

the decoding means decoding the contents key encrypted by using the distribution key, and decoding the 

encrypted contents key using the decoded contents key. 

21 . An encryption processing device comprising: 

decoding means for decoding an encrypted contents key obtained by encrypting a contents key for decoding 
a contents signal; 

log information generation means for generating log information every time the contents key is decoded; 
encryption means for encrypting the contents key by a save key; and 

a one-chip module internally storing the decoding means, the log information generation means and the 
encryption means. 

22. The encryption processing device as claimed in claim 21, further comprising identification information appending 
means for appending identification information to the contents key decoded by the decoding means and outputting 
the resultant contents key to the encryption means. 

23. The encryption processing device as claimed in claim 22, wherein the identification information is embedded to the 
contents key as a watermark. 

24. A contents processing system comprising: 

a first contents processing device including storage means for storing an encrypted contents signal, storage 
means for storing identification information, and transmission means for transmitting the encrypted contents 
signal and the identification information; and 

a second contents processing device including receiving means for receiving the encrypted contents signal 
and the identification information, decoding means for decoding the encrypted contents signal, and identifica- 
tion information appending means for appending the identification information to the contents signal decoded 
by the decoding means. 

25. A contents processing system comprising: 

a contents processing device including decoding means for decoding an encrypted contents signal by a con- 
tents key, log information generation means for generating log information every time the contents key is 
decoded by the decoding means, storage means fro storing the log information, and transmission means for 
transmitting the log information at predetermined timing; and 

an accounting processing device including receiving means for receiving the log information, and accounting 
means for carrying out accounting processing based on the log information. 

26. A contents signal receiving method comprising the steps of: 

receiving an encrypted contents signal; 
storing the received encrypted contents signal; 

decoding the stored encrypted contents signal when an instruction to decode the stored encrypted contents 
signal is given as user-designated information; and 
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appending identification information to the decoded contents signal. 

27. The contents signal receiving method as claimed in claim 26, wherein the identification information is the identifi- 
cation information proper to a contents signal receiving device. 

5 

28. The contents signal receiving method as claimed in claim 26, wherein the identification information is embedded to 
the contents signal as a watermark. 

29. The contents signal receiving method as claimed in claim 26, wherein the encrypted contents signal is encrypted 
w by a contents key, and 

the encrypted contents signal is decoded using the received contents key. 

30. The contents signal receiving method as claimed in claim 29, wherein the contents key is encrypted by a distribu- 
15 tion key, 

the contents key encrypted by the distribution key is received, and 

the contents key encrypted by the distribution key is decoded and the encrypted contents signal is decoded 
20 using the decoded contents key. 

31. The contents signal receiving method as claimed in claim 29, wherein the distribution key is periodically updated. 

32. A contents signal receiving method comprising the steps of: 

25 

receiving an encrypted contents signal and identification information from outside; 

decoding the encrypted contents signal; and 

appending identification information to the decoded contents signal. 

30 33. The contents signal receiving method as claimed in claim 32, wherein the identification information is the identifi- 
cation information proper to the external device. 

34. The contents signal receiving method as claimed in claim 32, wherein the identification information is embedded to 
the contents signal as a watermark. 

35 

35. A contents processing method comprising the steps of: 

decoding an encrypted contents signal using a contents key; 
40 generating log information every time the contents key is decoded; 

storing the log information; and 

transmitting the log information at predetermined timing. 

45 

36. The contents processing method as claimed in claim 35, wherein a contents key for decoding the encrypted con- 
tents signal is received, and 

the encrypted contents signal is decoded using the received contents key. 

50 

37. The contents processing method as claimed in claim 35, wherein the encrypted contents signal is received. 

38. The contents processing method as claimed in claim 35. wherein the log information is transmitted every predeter- 
mined period. 

55 

39. The contents processing method as claimed in claim 35. wherein the received contents key is encrypted by a dis- 
tribution key updated every predetermined period, and 
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the log information is transmitted when the distribution key is decoded a predetermined number of times. 

40. The contents processing method as claimed in claim 35, wherein the received contents key is encrypted by a dis- 
tribution key updated every predetermined period, and 

5 

the log information is transmitted when the distribution key is updated. 

41. The contents processing method as claimed in claim 40, wherein the predetermined period is a constant period. 

w 42. The contents processing method as claimed in claim 35, wherein the contents key is provided for each type of con- 
tents signal, 

each decoded contents key is encrypted by a save key, and 
the encrypted contents key is stored. 

15 

43. A contents processing method comprising the steps of: 

receiving an encrypted contents key obtained by encrypting a contents key for decoding an encrypted contents 
signal by using a distribution key updated every predetermined period; 

20 

decoding the encrypted contents signal by the contents key; 

generating accounting information concerning the use of the encrypted contents signal; 
25 storing the accounting information; and 

transmitting the accounting information when the distribution key is updated. 

44. A contents processing method comprising the steps of: 

30 

receiving a distribution key, which is a key for decoding an encrypted contents signal and is updated every pre- 
determined period; 

decoding the encrypted contents signal on the basis of the distribution key; 

35 

generating accounting information concerning the use of the encrypted contents signal; 
storing the accounting information; and 
40 transmitting the accounting information when the distribution key is updated. 

45. The contents processing method as claimed in claim 44, wherein the encrypted contents signal is encrypted by 
using a contents key, 

45 the contents key encrypted by using the distribution key is received, and 

the contents key encrypted by using the distribution key is decoded and the encrypted contents signal is 
decoded by using the decoded contents key. 



55 
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